2. Spreading path and symptoms of infection
* Malicious file disguised as a normal game in China
PPXIU (http://www.ppxiu.com/) is known as China's first interactive gaming community. The following figures show the normal screens of the original Android game.
INCA Internet Response Team found a malicious file disguised as the PPXIU Android game.
This malicious application requests the following permissions at installation time:
After testing the malicious file and the normal file on the same mobile phones, INCA Internet Response Team found that some characters of the malicious file were displayed broken during installation, as follows.
The malicious file tries to send premium-rate text messages to a specific phone number, which can result in charges to the user. The number is presumed to be a domestic Chinese telephone number; further analysis is underway.
In addition, the malicious file tries to leak the IMEI and IMSI of the Android phone to a specific Chinese Web site.
nProtect Mobile for ANDROID detects this file as Trojan-Spy/Android.FakePPx.A. We also found another variant sample, which is likewise detected as Trojan-Spy/Android.FakePPx.A.
3. How to prevent
This malicious game application is designed to target users in China, so no damage outside China has been reported. However, because of the nature of smartphone applications, installing an application from overseas is relatively easy, so the possible emergence of this kind of malicious application remains a threat. Also, a malicious application that uses repackaging or double packaging can install a malicious application by stealth.
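One check that follows from the repackaging point above, as an added example that is not part of the original analysis: compare the permissions a suspect build requests against those of the original game and flag additions that would enable the SMS sending and IMEI/IMSI leak described earlier. It assumes both manifests have already been decoded to text XML (for example with apktool); the manifests, the package name and the permission-to-behaviour mapping are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the behaviours described in the analysis to the
# Android permissions those behaviours would require.
RISKY = {
    "android.permission.SEND_SMS": "can send (premium-rate) text messages",
    "android.permission.READ_PHONE_STATE": "can read IMEI/IMSI",
    "android.permission.INTERNET": "can upload data to a web site",
}

def permissions(manifest_xml):
    """Return the set of permission names requested in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def review_repackaged(original_xml, suspect_xml):
    """Compare a suspect build against the original game's manifest."""
    orig, sus = permissions(original_xml), permissions(suspect_xml)
    added = sorted(sus - orig)
    return {
        "added": added,
        "added_risky": {p: RISKY[p] for p in added if p in RISKY},
        # Identifiers can only leave the phone if the build can read them
        # and also has network access.
        "id_exfil_possible": "android.permission.READ_PHONE_STATE" in added
                             and "android.permission.INTERNET" in sus,
    }

# Constructed sample manifests (hypothetical package, not the real sample).
ORIGINAL = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""

SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""

if __name__ == "__main__":
    for key, value in review_repackaged(ORIGINAL, SUSPECT).items():
        print(key, "=", value)
```

A game that gains SMS or phone-state permissions relative to its original release is a candidate for closer analysis, not proof of infection.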
To use smartphones safely despite the security threats posed by these malicious applications, we recommend the following "Smartphone security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment of mobile malicious files such as the one described above through nProtect Mobile for Android, and runs a response system against various security threats.
* Diagnosis name